I realize this thread is a week old, but one package that no one talked about was Portsentry. It does not come bundled with SuSE, but it's free out there -- just check http://www.freshmeat.net.

I run both scanlogd and portsentry, and portsentry gets the most use. Most scans these days on the internet are to one port. I.e. a script kiddie will scan a whole subnet for one particular port being open. That will not get picked up by scanlog.

As for scanlogd and being the specific target of someone - I have had great success with scanlog picking up the scans. Yes, there are some false positives, but not that many.

I'm not going to get into the legal ramifications of port scanning someone... But I usually just contact the admin of the site if it's obvious that it could be a compromised system (i.e. you usually don't get scanned from ns2.somewhere.com to port 23...)

Also, if I get scanned, you are automatically dropped into a "reject" route in my routing table. If I see multiple attempts from the same site, I'll contact the ISP.

Unfortunately, as someone else said, it's something that we'll probably just have to live with. Lock down your systems, keep up with the security threads, actively monitor your logs and you'll be fine.

Just some of my thoughts...

Paul Kincaid

-----Original Message-----
From: Timo Schulz [mailto:twoaday@gmx.de]
Sent: Wednesday, April 26, 2000 9:07 AM
To: SuSE Security
Subject: [suse-security] Portscans

Hi list,

I have a few questions about the detection of port scanning. In the IX 5/May 2000 magazine (German), the author writes that he uses nmap to scan a well used web site. First I want to know if the victim can easily detect the scan and how to prevent such scans. Does SuSE 6.x contain any tools to do that?

PS: I ask myself if it is legal to do portscans on any sites?
--
Two-a-Day at joesixpack.net
www.freenet.de/joesixpack
keyid BF3DF9B4
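
As an added example (not part of the original messages, and not code from scanlogd or Portsentry), the sketch below contrasts the two detection styles discussed in this thread on constructed connection records for a single host: a multi-port threshold detector and an unused-port tripwire. The thresholds, port sets and addresses are assumptions chosen for illustration.

```python
# Constructed sample: (seconds, source IP, destination port) as seen by ONE host.
EVENTS = [
    (0.0, "198.51.100.7", 21), (0.2, "198.51.100.7", 22),
    (0.4, "198.51.100.7", 23), (0.6, "198.51.100.7", 25),
    (0.8, "198.51.100.7", 79), (1.0, "198.51.100.7", 110),
    (1.2, "198.51.100.7", 111), (1.4, "198.51.100.7", 143),  # many ports, one host
    (5.0, "203.0.113.9", 23),    # subnet sweep for port 23: a single probe lands here
    (9.0, "192.0.2.50", 80), (9.5, "192.0.2.50", 80),        # ordinary web client
]

# Assumption: this host serves 25 and 80 only; these ports have no listener.
UNUSED_PORTS = {21, 23, 79, 111, 143}


def threshold_detector(events, min_ports=7, max_gap=3.0):
    """Flag a source that touches min_ports distinct ports, with no more than
    max_gap seconds between consecutive probes (both values are assumed)."""
    state = {}        # source -> (time of last probe, distinct ports so far)
    flagged = set()
    for ts, src, port in sorted(events):
        last, ports = state.get(src, (ts, set()))
        if ts - last > max_gap:
            ports = set()             # the source went quiet: start counting again
        ports = ports | {port}
        state[src] = (ts, ports)
        if len(ports) >= min_ports:
            flagged.add(src)
    return flagged


def tripwire_detector(events, unused_ports):
    """Flag any source that connects to a port where no service is offered."""
    return {src for _, src, port in events if port in unused_ports}


def compare(events=EVENTS, unused_ports=UNUSED_PORTS):
    """Return what each detector reports and what only the tripwire sees."""
    by_threshold = threshold_detector(events)
    by_tripwire = tripwire_detector(events, unused_ports)
    return {
        "threshold": by_threshold,
        "tripwire": by_tripwire,
        "tripwire_only": by_tripwire - by_threshold,
    }


if __name__ == "__main__":
    for name, sources in compare().items():
        print(f"{name:14s} {sorted(sources)}")
```

The tripwire fires on a single probe, so an allow-list for addresses you depend on is worth having before it drives an automatic reject route.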